Active Directory

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.


Over time I have seen a number of questions asking how to log off users at a specific time. I personally haven't required this but decided to develop a little Windows service that manages this via a schedule and not a legacy scheduled task running shutdown /l or via AD logon hours.

This article explains AD System State Recovery with the authsysvol switch: what it does, when this restore should be attempted, prerequisites, a demo, impact and implications. The topic is only partially documented by Microsoft and DELL and lacks important details, hence I have tried to add all of it here.

If a user restores a previous version of a file from VSS, the restored previous version gets replicated to the DFSR partner.

If VSS is enabled on both replicated partners, the last restored file will win and be replicated to all partners.

Note that since a VSS copy is server specific, it will not get replicated across DFSR partners.
The VSS versions of the same file on both servers can differ, depending on when the VSS snapshot is triggered on each server.
If the VSS snapshot is triggered on all replicated members at the same time, you would get similar previous-version data on all members. Note that this is a workaround, as the VSS copy is separate for every member.

In this article I will cover major Microsoft DFSR issues and their resolution. These issues can occur during initial deployment or post-deployment. The resolution for each problem is generally available on the internet in standalone posts. I have tried to present them here collectively and in detail.

Group membership expiration is a superb new feature included with Active Directory 2016 functional level. But what if you want this functionality but you haven't upgraded yet? Since I have many clients that cannot yet leverage this new feature, I have developed a custom tool.

That's too bad. I had hoped that it would, so that we could switch to your tool instead of using what is built-in @2016 server, because the built-in method has a funny limitation (at least in our domain): it won't work with times of 5 minutes or less (6 minutes is ok!). When using 5 minutes or less, the group will get populated, but the Kerberos ticket will not be granted for whatever reason.

We would like to use less than 6 minutes, sometimes, for example when we activate a software license, we give the machine internet access for the shortest time possible (working close to the military, here, no direct internet access allowed). And to do so, we use AD groups, that the SQUID proxy works with. We would like to use, say, 1 minute, but we can't do less than 6... :-)

In this article, I am trying to collectively present DFSN and DFSR deployment considerations / best practices, in general, to avoid known DFSN and DFSR issues during and post-deployment. The article would help in defining DFSN and DFSR architecture and configuration.

This article documents the process of assigning different password policies based on user account password strength. The result of this script is that all the users that are using weak passwords are forced to have a password policy on them that allows their passwords to be valid for fewer days.


This command line tool can be used to quickly create a folder structure for a file server. Not only does it assist in creating the folders, it creates the appropriate groups and assigns the correct permission.

This article outlines the importance of the Certificate Authority validity period and its impact on the certificate renewal process. The article also details the CA certificate renewal process along with CA validity period extension.

A CRL needs to be published in two cases:
When your existing CRL validity has expired. You should keep the CRL validity period long enough for an offline root CA, say, one year.
OR
If you have revoked any certificate.

Assume that, in the role of System Administrator in an SMB (or a startup group), you are asked to (re)design the IT infrastructure of the company. In this article, I will describe the steps to design, configure and operate the IT devices in a small business environment (<50 users).

I’m a fan of folder redirection, however, it does have a couple of “Gotchas!” you have to look out for. For example, if you redirect a user’s AppData folder to a DFS namespace, shortcuts on the taskbar are no longer trusted. Here’s how to fix that.

One thing I've always found frustrating is no matter how many times one asks the end users to not save things on their local machines, they do it anyway. Forget that we don't back up the desktops - only the servers. Well, let's sneak their data onto the servers without them knowing about it.

The Windows Firewall provides an important layer of protection and a rich interface to configure it. Unfortunately, it lacks item level filtering. This article details my process of implementing firewall-as-code to reduce GPO bloat.

I wonder, have you ever been in the kind of situation where you couldn't find the owner of a number that had just called you, and you were certain that it was a company number, which means it should be fairly easy to find in the Outlook address book or in Active Directory?
Besides the admin tools I have on hand, I also tried to search for the phone number in Outlook without success. How about you?

The native ability to set a user account password via AD GPO was removed because the passwords can be easily decrypted by any authenticated user in the domain. Microsoft recommends LAPS as a replacement and I have written an article that does something similar. But what if you want something simple?
